7 Feb
2018
7 Feb
'18
4:20 p.m.
Hello,
On 05.02.18 05:56, Anthony Alba wrote:
I have kamailio behind a TLS termination proxy so the
sockets are
correctly deduced to be TCP. However the clients only talk TLS to the
proxy and are confused when the top Via header added by Kamailio is
TCP. Is there a way for Kamailio to forcibly pretend its protocol is
TLS? Like advertised_address but "advertised_protocol" instead.
(With pjsip testing: it has a flag use_tls which ignores TCP from
Kamailio and continues to use the persistent TLS transport to proxy.
Linphone fails because it tries to honor TCP in Via and is unable to
establish TCP transport).
BTW I am using t_relay_to_tcp so Kamailio will return traffic to the
proxy as TCP even though the contact addresses specify transport=TLS.
there is no
advertise_protocol as far as I know. If you want to go down
the route with a patch to the C code, you have to be careful at TLS
callbacks, because if the protocol is detected to be tls, some
encryption/decryption callbacks may be executed. I am not sure how much,
or if any, the impact is, just throwing it as a notice in advance.
Cheers,
Daniel
--
Daniel-Constantin Mierla
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training - March 5-7, 2018, Berlin - www.asipto.com
Kamailio World Conference - May 14-16, 2018 - www.kamailioworld.com